MediaWiki master
ApiQueryTokens.php
Go to the documentation of this file.
1<?php
12namespace MediaWiki\Api;
13
14use MediaWiki\MediaWikiServices;
15use MediaWiki\User\User;
16use Wikimedia\ParamValidator\ParamValidator;
17
24class ApiQueryTokens extends ApiQueryBase {
25
26 public function execute() {
27 $params = $this->extractRequestParams();
28
29 if ( $this->lacksSameOriginSecurity() ) {
30 $this->addWarning( [ 'apiwarn-tokens-origin' ] );
31 return;
32 }
33
34 $user = $this->getUser();
35 $session = $this->getRequest()->getSession();
36 $salts = self::getTokenTypeSalts();
37
38 $done = [];
39 $path = [ 'query', $this->getModuleName() ];
40 $this->getResult()->addArrayType( $path, 'assoc' );
41
42 foreach ( $params['type'] as $type ) {
43 $token = self::getToken( $user, $session, $salts[$type] )->toString();
44 $fit = $this->getResult()->addValue( $path, $type . 'token', $token );
45
46 if ( !$fit ) {
47 // Abuse type as a query-continue parameter and set it to all unprocessed types
48 $this->setContinueEnumParameter( 'type',
49 array_diff( $params['type'], $done ) );
50 break;
51 }
52 $done[] = $type;
53 }
54 }
55
64 public static function getTokenTypeSalts() {
65 static $salts = null;
66 if ( !$salts ) {
67 $salts = [
68 'csrf' => '',
69 'watch' => 'watch',
70 'patrol' => 'patrol',
71 'rollback' => 'rollback',
72 'userrights' => 'userrights',
73 'login' => [ '', 'login' ],
74 'createaccount' => [ '', 'createaccount' ],
75 ];
76 $hookContainer = MediaWikiServices::getInstance()->getHookContainer();
77 $hookRunner = new ApiHookRunner( $hookContainer );
78 $hookRunner->onApiQueryTokensRegisterTypes( $salts );
79 ksort( $salts );
80 }
81
82 return $salts;
83 }
84
97 public static function getToken( User $user, \MediaWiki\Session\Session $session, $salt ) {
98 if ( is_array( $salt ) ) {
99 $token = $session->getToken( ...$salt );
100 } else {
101 $token = $user->getEditTokenObject( $salt, $session->getRequest() );
102 }
103 if ( $token->wasNew() ) {
104 $session->persist();
105 }
106 return $token;
107 }
108
110 public function getAllowedParams() {
111 return [
112 'type' => [
113 ParamValidator::PARAM_DEFAULT => 'csrf',
114 ParamValidator::PARAM_ISMULTI => true,
115 ParamValidator::PARAM_TYPE => array_keys( self::getTokenTypeSalts() ),
116 ParamValidator::PARAM_ALL => true,
117 ],
118 ];
119 }
120
122 protected function getExamplesMessages() {
123 return [
124 'action=query&meta=tokens'
125 => 'apihelp-query+tokens-example-simple',
126 'action=query&meta=tokens&type=watch|patrol'
127 => 'apihelp-query+tokens-example-types',
128 ];
129 }
130
132 public function isReadMode() {
133 // So login tokens can be fetched on private wikis
134 return false;
135 }
136
138 public function getHelpUrls() {
139 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens';
140 }
141}
142
144class_alias( ApiQueryTokens::class, 'ApiQueryTokens' );
MediaWiki\Api\ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition ApiBase.php:543
MediaWiki\Api\ApiBase\getResult
getResult()
Get the result object.
Definition ApiBase.php:682
MediaWiki\Api\ApiBase\addWarning
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition ApiBase.php:1429
MediaWiki\Api\ApiBase\lacksSameOriginSecurity
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Definition ApiBase.php:609
MediaWiki\Api\ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition ApiBase.php:823
MediaWiki\Api\ApiHookRunner
This class provides an implementation of the hook interfaces used by the core Action API,...
Definition ApiHookRunner.php:63
MediaWiki\Api\ApiQueryBase
This is a base class for all Query modules.
Definition ApiQueryBase.php:31
MediaWiki\Api\ApiQueryBase\setContinueEnumParameter
setContinueEnumParameter( $paramName, $paramValue)
Set a query-continue value.
Definition ApiQueryBase.php:536
MediaWiki\Api\ApiQueryTokens
Module to fetch tokens via action=query&meta=tokens.
Definition ApiQueryTokens.php:24
MediaWiki\Api\ApiQueryTokens\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition ApiQueryTokens.php:110
MediaWiki\Api\ApiQueryTokens\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition ApiQueryTokens.php:26
MediaWiki\Api\ApiQueryTokens\isReadMode
isReadMode()
Indicates whether this module requires read rights.to override bool
Definition ApiQueryTokens.php:132
MediaWiki\Api\ApiQueryTokens\getHelpUrls
getHelpUrls()
Return links to more detailed help pages about the module.1.25, returning boolean false is deprecated...
Definition ApiQueryTokens.php:138
MediaWiki\Api\ApiQueryTokens\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.Return value has query strings as keys, with values being eith...
Definition ApiQueryTokens.php:122
MediaWiki\Api\ApiQueryTokens\getToken
static getToken(User $user, \MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
Definition ApiQueryTokens.php:97
MediaWiki\Api\ApiQueryTokens\getTokenTypeSalts
static getTokenTypeSalts()
Get the salts for known token types.
Definition ApiQueryTokens.php:64
MediaWiki\MediaWikiServices
Service locator for MediaWiki core services.
Definition MediaWikiServices.php:257
MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition MediaWikiServices.php:345
MediaWiki\Session\Session
Manages data for an authenticated session.
Definition Session.php:37
MediaWiki\User\User
User class for the MediaWiki software.
Definition User.php:130
MediaWiki\User\User\getEditTokenObject
getEditTokenObject( $salt='', $request=null)
Initialize (if necessary) and return a session token value which can be used in edit forms to show th...
Definition User.php:2748
Wikimedia\ParamValidator\ParamValidator
Service for formatting and validating API parameters.
Definition ParamValidator.php:42
MediaWiki
Helper trait for implementations \DAO.